<html>
<META http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<head>
<title>Section 13.1.&nbsp; Cookies</title>
<link rel="STYLESHEET" type="text/css" href="images/style.css">
<link rel="STYLESHEET" type="text/css" href="images/docsafari.css">
</head>
<body>
<br><table width="100%" border="0" cellspacing="0" cellpadding="0"><tr><TD valign="top"><a name="learnphpmysql-CHP-13-SECT-1"></a>
<h3 id="title-IDAXUMAJ" class="docSection1Title">13.1. Cookies</h3>
<p class="docText">You can track certain user details like the number of visits, names, or the date of the last visit using <span class="docEmphasis">cookies</span>,<a name="IDX-CHP-13-0604"></a> 
 which are small bits of text stored on the client that have been available since Netscape 1.0. The client machine stores this information and sends it to the web server whenever there is a request. Cookie data is sent along with the HTTP headers.</p>
<p class="docText">After the first visit to a web site, the browser returns a copy of the cookie to the server each time it connects. For security reasons, cookies can be read only from the domain that created them. Additionally, cookies have an expiration date after which they're deleted. The maximum size of data that a cookie can hold is 4 KB.</p>
<p class="docText">Cookies are different from sessions, because cookies are stored on the client's disk, whereas a session stores the bulk of its data on the server. Sessions are basically like tokens, which are generated at authentication. This means that a session is available as long as the browser is open. Sessions actually use a single cookie by default to track their token or session identifier.</p>
<p class="docText"><a class="docLink" href="#learnphpmysql-CHP-13-FIG-1">Figure 13-1</a> illustrates where cookies are stored when a web browser requests pages; in this example, <a class="docLink" target="_blank" href="http://example.com/set.php">http://example.com/set.php</a> followed by <a class="docLink" target="_blank" href="http://example.com/read.php">http://example.com/read.php</a>. The actual key storage resides on the client's browser after the first page is requested. When the client requests the second page, it also sends the cookie data to the server.</p>
<a name="learnphpmysql-CHP-13-FIG-1"></a><p><center>
<h5 class="docFigureTitle">Figure 13-1. Client browser and server interaction with cookies</h5>
<img border="0" alt="" width="549" height="185" SRC="images/learnphpmysql_1301.jpg">
</center></p><br>
<p class="docText">Sessions are popularly used, as there's a chance of your cookies getting blocked if the user's browser security setting is high. Sessions provide a fallback of passing the session identifier from page to page if cookies are disabled.</p>
<P><table border="0" bgcolor="black" cellspacing="0" cellpadding="1" width="90%" align="center"><tr><td><table bgcolor="white" width="100%" border="0" cellspacing="0" cellpadding="6"><TR><TD width="60" valign="top"><img src="images/tip_yellow.jpg" width="50" height="54" alt=""></td><TD valign="top">
<p class="docText">When you issue <tt>session_start</tt>, it generates a session ID and places that on the client side in a cookie. There are ways to avoid this, such as using the tag rewrite.</p>
</td></tr></table></TD></tr></table></P><br>
<p class="docText">Mostly the server uses the cookie to remember the user and maintain the illusion of a session that spans multiple pages. Everything you could possibly want to know about cookies can be found at <a class="docLink" target="_blank" href="http://www.w3.org/Security/Faq/wwwsf2.html#CLT-Q10">http://www.w3.org/Security/Faq/wwwsf2.html#CLT-Q10</a>.</p>
<a name="learnphpmysql-CHP-13-SECT-1.1"></a>
<H4 id="title-IDAYWMAJ" class="docSection2Title">13.1.1. Setting a Cookie</H4>
<a name="IDX-CHP-13-0605"></a> 
<a name="IDX-CHP-13-0606"></a> 

<p class="docText">PHP provides an easy way to set a cookie: the function <tt>setcookie</tt>.</p>
<P><table border="0" bgcolor="black" cellspacing="0" cellpadding="1" width="90%" align="center"><tr><td><table bgcolor="white" width="100%" border="0" cellspacing="0" cellpadding="6"><TR><TD width="60" valign="top"><img src="images/tip_yellow.jpg" width="50" height="54" alt=""></td><td valign="top">
<p class="docText">Because cookies are generated as part of HTML page headers, it's important that you call <tt>setcookie</tt> before sending any other output.</p>
</td></TR></table></td></TR></table></p><br>
<p class="docText">The function takes a name for the cookie as a parameter. You can optionally specify other details; for example:</P>
<pre>
setcookie ( <tt><I>name</i></tt> , <tt><I>value</i></tt> , <tt><i>expire</i></tt> , <tt><i>path</i></tt>, <tt><i>domain</i></tt> , <tt><i>secure</i></tt> )
</pre><br>

<p class="docText"><a class="docLink" href="#learnphpmysql-CHP-13-TABLE-1">Table 13-1</a> lists the parameter values and their meanings for <tt>setcookie</tt>.</p>
<a name="learnphpmysql-CHP-13-TABLE-1"></a><p><table cellspacing="0" FRAME="hsides" RULES="all" cellpadding="4" width="100%"><caption><H5 class="docTableTitle">Table 13-1. setcookie parameters</h5></caption><colgroup span="3"><col><col><col></colgroup><thead><tr><th class="thead" scope="col" align="left"><p class="docText">Parameter</P></th><th class="thead" scope="col" align="left"><p class="docText">Meaning</P></th><th class="thead" scope="col" align="left"><p class="docText">Example value</p></th></TR></thead><tr><td class="docTableCell" align="left"><p class="docText">name</p></TD><td class="docTableCell" align="left"><p class="docText">The name that the cookie will use for storage and retrieval.</P></td><td class="docTableCell" align="left"><p class="docText">username</P></TD></tr><TR><td class="docTableCell" align="left"><p class="docText">value</p></TD><TD class="docTableCell" align="left"><p class="docText">The value stored in the cookie.</p></td><td class="docTableCell" align="left"><p class="docText">michele</p></TD></tr><TR><td class="docTableCell" align="left"><p class="docText">expire</p></TD><TD class="docTableCell" align="left"><p class="docText">A Unix timestamp when the cookie expires. If not set, the cookie expires when the user closes her browser.</p></TD><td class="docTableCell" align="left"><p class="docText"><tt>Time()+60*60*24*7</tt> tells the cookie to expire in a week</p></td></tr><tr><td class="docTableCell" align="left"><p class="docText">path</p></td><td class="docTableCell" align="left"><p class="docText">The URL paths on the site that can access the cookie. 
Defaults to <span class="docEmphasis">/</span>, which means all directories can access the cookie.</p></td><td class="docTableCell" align="left"><p class="docText">/testing</P></td></tr><TR><TD class="docTableCell" align="left"><p class="docText">domain</p></TD><td class="docTableCell" align="left"><p class="docText">Similar to a <tt>path</tt>, except access<a name="IDX-CHP-13-0607"></a> 
 can be limited to a subdomain of a site.</p></td><TD class="docTableCell" align="left"><p class="docText">To limit access to only <span class="docEmphasis">www</span> on site <span class="docEmphasis">example.com</span> use <tt>www.example.com</tt>. To grant access to all subdomains, use <tt>.example.com</tt>.</p></TD></tr><tr><TD class="docTableCell" align="left"><p class="docText">secure</P></td><TD class="docTableCell" align="left"><p class="docText">If set to 1, cookies are sent only over a secure HTTPS connection. HTTPS connections use encryption between the browser and the server to secure data.</p></td><TD class="docTableCell" align="left"><p class="docText">1 for secure and 0 for insecure, which is the default.</P></td></tr></table></p><br>
<p class="docText"><a class="docLink" href="#learnphpmysql-CHP-13-EX-1">Example 13-1</a> shows how to create a cookie with the name <tt>username</tt> and the value <tt>michele</tt>.</P>
<a name="learnphpmysql-CHP-13-EX-1"></a><h5 id="title-IDA23MAJ" class="docExampleTitle">Example 13-1. Creating a cookie</H5><p><table cellspacing="0" width="90%" border="1" cellpadding="5"><tr><TD>

<pre>
&lt;?php
//remember that setcookie must come before any other line that generates output
setcookie("username","michele");
echo 'Cookie created.';
?&gt;
</pre><BR>

</td></TR></table></p>
<p class="docText">The cookie was set, but you won't be able to read it until the client reloads the page or browses to another page.</p>

<a name="learnphpmysql-CHP-13-SECT-1.2"></a>
<h4 id="title-IDAI4MAJ" class="docSection2Title">13.1.2. Accessing a Cookie</h4>
<p class="docText">Cookies can be accessed in one of two ways. They're accessible from the <tt>$_COOKIE</tt> superglobal array with the syntax <tt>$_COOKIE['</tt><tt><i>cookiename</i></tt><tt>']</tt>, as demonstrated in <a class="docLink" href="#learnphpmysql-CHP-13-EX-2">Example 13-2</a>.</p>
<a name="learnphpmysql-CHP-13-EX-2"></a><h5 id="title-IDA24MAJ" class="docExampleTitle">Example 13-2. Viewing the username cookie</h5><p><table cellspacing="0" width="90%" border="1" cellpadding="5"><tr><td>

<pre>
&lt;?php
if (!isset($_COOKIE['username']))
{
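  echo ("Oops, the cookie isn't set!");
}
else
{
  // Cookie values come from the client, so escape them before writing them into HTML
  echo ("The stored username is ". htmlspecialchars($_COOKIE['username'], ENT_QUOTES, 'UTF-8') . ".");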
}
?&gt;
</pre><BR>

</td></tr></table></P>
<p class="docText">This code displays the stored username:</P>
<pre>
The stored username is michele.
</pre><br>

<p class="docText">You can also see all cookies, as the raw <tt>Cookie</tt> request header, by accessing the superglobal variable <tt>$_SERVER['HTTP_COOKIE']</tt>.</P>
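<p class="docText">An added example, not from the book: because the cookie lives on the client, the value that comes back in <tt>$_COOKIE</tt> can be anything the client chooses to send. One way to detect changes is to attach an HMAC when the value is issued and check it when the value is read. The key <tt>COOKIE_KEY</tt> and both function names are assumptions made for this illustration, and the cookie strings are constructed sample data.</p>

```php
<?php
// Added example, not from the book. COOKIE_KEY is a placeholder: load a
// random server-side secret from configuration in a real deployment.
const COOKIE_KEY = 'replace-with-32-random-bytes-from-config';

/** Returns "base64(value).hmac" so the server can detect edits made on the client. */
function sign_cookie_value(string $value): string
{
    $mac = hash_hmac('sha256', $value, COOKIE_KEY);
    return base64_encode($value) . '.' . $mac;
}

/** Returns the original value, or null if the cookie is malformed or altered. */
function verify_cookie_value(string $cookie): ?string
{
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2) {
        return null;
    }
    $value = base64_decode($parts[0], true);   // strict mode rejects stray characters
    if ($value === false) {
        return null;
    }
    $expected = hash_hmac('sha256', $value, COOKIE_KEY);
    // hash_equals compares in constant time, so the check leaks no timing signal
    return hash_equals($expected, $parts[1]) ? $value : null;
}

// Constructed demonstration: the value the server issued, and the same cookie
// with the username part replaced while the old signature is kept.
$sent     = sign_cookie_value('michele');
$tampered = base64_encode('admin') . substr($sent, strpos($sent, '.'));

foreach (['genuine' => $sent, 'tampered' => $tampered] as $label => $cookie) {
    $user = verify_cookie_value($cookie);
    echo $label . ': ' . ($user === null
        ? 'rejected'
        : 'accepted, username ' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8')) . "\n";
}
```

<p class="docText">In a page, the signed string is what you would pass to <tt>setcookie</tt> as the value, and <tt>verify_cookie_value($_COOKIE['username'])</tt> replaces the direct read in Example 13-2.</p>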

<a name="learnphpmysql-CHP-13-SECT-1.3"></a>
<h4 id="title-IDAP5MAJ" class="docSection2Title">13.1.3. Destroying a Cookie</h4>
<a name="IDX-CHP-13-0608"></a> 
<a name="IDX-CHP-13-0609"></a> 

<p class="docText">Cookies can be destroyed or deleted by the client or the server. Clients can easily delete their cookies by locating the <span class="docEmphasis">Cookies</span> folder on their system and deleting<a name="IDX-CHP-13-0610"></a> 
 them. The server can delete the cookies by:</p>
<UL><li><p class="docList">Resetting a cookie by specifying expiration time</P></li><li><p class="docList">Resetting a cookie by specifying its name only</P></LI></ul>
<p class="docText">In both instances, you'd use the <tt>setcookie</tt> command. To destroy a cookie by specifying the expiration time, simply call <tt>setcookie</tt> with a past expiration date, as is done in <a class="docLink" href="#learnphpmysql-CHP-13-EX-3">Example 13-3</a>.</P>
<a name="learnphpmysql-CHP-13-EX-3"></a><h5 id="title-IDACBNAJ" class="docExampleTitle">Example 13-3. Destroying a cookie by expiring it in the recent past</h5><P><table cellspacing="0" width="90%" border="1" cellpadding="5"><TR><td>

<pre>
&lt;?php
//remember that setcookie must come before any other line that generates output
setcookie("username","", time()-10 );
echo 'Rosebud.';
?&gt;
</pre><br>

</td></tr></table></P>
<p class="docText"><a class="docLink" href="#learnphpmysql-CHP-13-EX-3">Example 13-3</a> returns:</p>
<pre>
Rosebud.
</pre><BR>

<p class="docText">Now if you called the code in <a class="docLink" href="#learnphpmysql-CHP-13-EX-2">Example 13-2</a> again, you'd get:</p>
<pre>
Oops, the cookie isn't set!
</pre><br>
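<p class="docText">An added example, not from the book: the parameters in Table 13-1 and the expiry-based deletion above, combined so that the cookie is set and removed with identical attributes. It assumes PHP 7.3 or later for the options-array form of <tt>setcookie</tt>; the function names and the <tt>httponly</tt> and <tt>samesite</tt> settings are choices made for this illustration.</p>

```php
<?php
// Added example, not from the book. Requires PHP 7.3+ (options-array form).
// The attribute values are assumptions chosen for illustration.

/**
 * Attributes shared by the set and delete calls. A browser only overwrites
 * a cookie whose name, path and domain all match the stored one, so a delete
 * issued with different attributes leaves the original cookie in place.
 */
function username_cookie_options(int $expires): array
{
    return [
        'expires'  => $expires,
        'path'     => '/testing',         // path value from Table 13-1
        'domain'   => 'www.example.com',  // single-host value from Table 13-1
        'secure'   => true,               // send only over HTTPS
        'httponly' => true,               // not readable from page scripts
        'samesite' => 'Lax',              // withheld on cross-site subrequests
    ];
}

function set_username_cookie(string $username): bool
{
    // One week, as in the Table 13-1 expire example
    return setcookie('username', $username,
        username_cookie_options(time() + 60 * 60 * 24 * 7));
}

function delete_username_cookie(): bool
{
    // Empty value plus an expiry in the past, with the same path and domain
    return setcookie('username', '', username_cookie_options(time() - 3600));
}

// As with Example 13-1, this must run before any other output is sent.
set_username_cookie('michele');
```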

<p class="docText">Sometimes you may want to restrict pages from being viewed by everyone. Do this by using PHP to get authentication from the HTTP<a name="IDX-CHP-13-0611"></a> 
 server.</P>


</TD></TR></table>
<br>
</html>
